gloak

Core types and HTTP helpers for the gloak Keycloak library.

This module owns validated boundary values and the shared Sans-IO request and response helpers used by gloak/oidc and gloak/admin. It does not send HTTP requests, manage processes, store tokens, or verify JWT signatures. Callers execute the returned gleam_http requests with their HTTP client of choice and pass responses back to *_response functions.

Examples

import gloak

pub fn build_server() {
  gloak.server("https://auth.example.com")
}

Types

@superdocs Core Values Bearer access token.

pub opaque type AccessToken

ClientId

opaque

@superdocs Core Values OAuth client id.

pub opaque type ClientId

@superdocs Core Values OAuth client secret. Keep this value server-side.

pub opaque type ClientSecret

@superdocs Core Values Keycloak internal client UUID.

pub opaque type ClientUuid

@superdocs Domain States Whether Keycloak considers an email address verified.

pub type EmailVerification {
  EmailAddressVerified
  EmailAddressUnverified
}

Constructors

  • EmailAddressVerified
  • EmailAddressUnverified

@superdocs Errors Library errors for configuration, request construction, and response decode.

pub type Error {
  InvalidConfiguration(field: String, reason: String)
  InvalidRequestUrl(url: String)
  UnexpectedStatus(status: Int, body: String)
  InvalidResponseBody(reason: String)
  MissingHeader(name: String)
  InvalidCallback(reason: String)
  VerificationFailed(reason: String)
}

Constructors

  • InvalidConfiguration(field: String, reason: String)

    A caller-provided configuration or domain value is invalid.

  • InvalidRequestUrl(url: String)

    A request could not be built from a URL in configuration or metadata.

  • UnexpectedStatus(status: Int, body: String)

    Keycloak returned a non-2xx HTTP status.

  • InvalidResponseBody(reason: String)

    A response body could not be decoded as the expected contract.

  • MissingHeader(name: String)

    A required response header was absent.

  • InvalidCallback(reason: String)

    An authorization callback failed validation.

  • VerificationFailed(reason: String)

    JWT verification or verified-claim decoding failed.

@superdocs Domain States Whether JWT validation requires an expiration claim.

pub type ExpirationRequirement {
  RequireExpiration
  AllowMissingExpiration
}

Constructors

  • RequireExpiration
  • AllowMissingExpiration

GroupId

opaque

@superdocs Core Values Keycloak group id.

pub opaque type GroupId

IdToken

opaque

@superdocs Core Values OIDC ID token.

pub opaque type IdToken

@superdocs HTTP Boundary The request type returned by every *_request function.

pub type KeycloakRequest =
  request.Request(String)

@superdocs HTTP Boundary The response type accepted by every *_response function.

pub type KeycloakResponse =
  response.Response(String)

@superdocs Domain States Password reset credential lifecycle.

pub type PasswordCredentialState {
  TemporaryPassword
  PermanentPassword
}

Constructors

  • TemporaryPassword
  • PermanentPassword

Realm

opaque

@superdocs Core Values Keycloak realm name.

pub opaque type Realm

@superdocs Core Values OAuth refresh token.

pub opaque type RefreshToken

@superdocs Domain States Administrative resource lifecycle state.

pub type ResourceState {
  ResourceEnabled
  ResourceDisabled
}

Constructors

  • ResourceEnabled
  • ResourceDisabled

@superdocs Domain States Source of an Admin API role.

pub type RoleOrigin {
  RealmRole
  ClientRole
}

Constructors

  • RealmRole
  • ClientRole

Server

opaque

@superdocs Core Values Keycloak server origin, without a trailing slash.

pub opaque type Server

@superdocs Domain States OAuth token activity returned by introspection.

pub type TokenActivity {
  TokenActive
  TokenInactive
}

Constructors

  • TokenActive
  • TokenInactive

UserId

opaque

@superdocs Core Values Keycloak user id.

pub opaque type UserId

Values

pub fn access_token(value: String) -> Result(AccessToken, Error)

@superdocs Constructors Builds a non-empty access token.

pub fn access_token_to_string(value: AccessToken) -> String

@superdocs Conversions Returns the access token string.

pub fn bearer_header(token: AccessToken) -> #(String, String)

@superdocs HTTP Boundary Header for bearer-token authenticated requests.

pub fn client_id(value: String) -> Result(ClientId, Error)

@superdocs Constructors Builds a non-empty client id.

pub fn client_id_to_string(value: ClientId) -> String

@superdocs Conversions Returns the client id string.

pub fn client_secret(
  value: String,
) -> Result(ClientSecret, Error)

@superdocs Constructors Builds a non-empty client secret.

pub fn client_secret_to_string(value: ClientSecret) -> String

@superdocs Conversions Returns the client secret string.

pub fn client_uuid(value: String) -> Result(ClientUuid, Error)

@superdocs Constructors Builds a non-empty Keycloak internal client UUID.

pub fn client_uuid_to_string(value: ClientUuid) -> String

@superdocs Conversions Returns the client UUID string.

pub fn created_location_response(
  response: response.Response(String),
) -> Result(String, Error)

@superdocs HTTP Boundary Decodes a 201 Created response location header.

pub fn decode_json_response(
  response: response.Response(String),
  decoder: decode.Decoder(a),
) -> Result(a, Error)

@superdocs HTTP Boundary Decodes a successful JSON response body with a dynamic decoder.

pub fn form_body(values: List(#(String, String))) -> String

@superdocs HTTP Boundary Builds an application/x-www-form-urlencoded request body.

pub fn form_headers() -> List(#(String, String))

@superdocs HTTP Boundary Header for form-url-encoded OAuth requests.

pub fn group_id(value: String) -> Result(GroupId, Error)

@superdocs Constructors Builds a non-empty group id.

pub fn group_id_to_string(value: GroupId) -> String

@superdocs Conversions Returns the group id string.

pub fn id_token(value: String) -> Result(IdToken, Error)

@superdocs Constructors Builds a non-empty ID token.

pub fn id_token_to_string(value: IdToken) -> String

@superdocs Conversions Returns the ID token string.

pub fn json_headers() -> List(#(String, String))

@superdocs HTTP Boundary Header for JSON request and response bodies.

pub fn realm(value: String) -> Result(Realm, Error)

@superdocs Constructors Builds a non-empty realm name.

pub fn realm_to_string(value: Realm) -> String

@superdocs Conversions Returns the realm name string.

pub fn refresh_token(
  value: String,
) -> Result(RefreshToken, Error)

@superdocs Constructors Builds a non-empty refresh token.

pub fn refresh_token_to_string(value: RefreshToken) -> String

@superdocs Conversions Returns the refresh token string.

pub fn request(
  server server: Server,
  method method: http.Method,
  path path: String,
  query query: List(#(String, String)),
  headers headers: List(#(String, String)),
  body body: String,
) -> request.Request(String)

@superdocs HTTP Boundary Builds a request relative to the validated Keycloak server origin.

pub fn request_to(
  url url: String,
  method method: http.Method,
  headers headers: List(#(String, String)),
  body body: String,
) -> Result(request.Request(String), Error)

@superdocs HTTP Boundary Builds a request from an absolute URL, usually from discovered OIDC metadata.

pub fn server(value: String) -> Result(Server, Error)

@superdocs Constructors Builds a Keycloak server origin from http:// or https:// input.

gloak.server("https://auth.example.com/")
// -> Ok(server)
pub fn server_to_string(value: Server) -> String

@superdocs Conversions Returns the server origin string.

pub fn success_response(
  response: response.Response(String),
) -> Result(response.Response(String), Error)

@superdocs HTTP Boundary Returns Ok(response) for 2xx statuses or an UnexpectedStatus error.

pub fn user_id(value: String) -> Result(UserId, Error)

@superdocs Constructors Builds a non-empty user id.

pub fn user_id_to_string(value: UserId) -> String

@superdocs Conversions Returns the user id string.

Search Document